Add EfiState to MachineState

EfiState will contain all the PE/COFF digests of EFI applications measured by
UEFI. These are typically bootloaders.
UEFI measures these values in PCR4.

go.work.sum

@@ -1,6 +1,7 @@
 cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc=
 cloud.google.com/go/storage v1.22.1 h1:F6IlQJZrZM++apn9V5/VfS3gbTUYg98PS3EMQAzqtfg=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
+github.com/google/go-tpm-tools v0.3.9/go.mod h1:22JvWmHcD5w55cs+nMeqDGDxgNS15/2pDq2cLqnc3rc=
 github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww=
 github.com/googleapis/go-type-adapters v1.0.0 h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

proto/attest.proto

@@ -190,6 +190,21 @@ message AttestedCosState {
   SemanticVersion launcher_version = 3;
 }
 
+message EfiApp {
+  // The PE/COFF digest of the EFI application (pulled from the raw event digest).
+  bytes digest = 1;
+}
+
+// The verified state of EFI Applications. Policy usage on this machine state
+// should check the entire set of EFI App digests matches, not a subset.
+message EfiState {
+  // UEFI's OS Loader code is required to measure attempts to load and execute
+  // UEFI applications.
+  // UEFI applications are typically bootloaders such as shim and GRUB.
+  // These run and are measured using the UEFI LoadImage() service.
+  repeated EfiApp apps = 1;
+}
+
 // The verified state of a booted machine, obtained from an Attestation
 message MachineState {
   PlatformState platform = 1;
@@ -209,6 +224,8 @@ message MachineState {
   LinuxKernelState linux_kernel = 6;
 
   AttestedCosState cos = 7;
+
+  EfiState efi = 8;
 }
 
 // A policy dictating which values of PlatformState to allow